#fleet
koba

04/20/2021, 5:26 PM
Hi, I am trying to persist osquery results and logs. I am trying to use filebeat to forward the logs to a graylog server. I set up the sidecar and filebeat on my fleetserver as per the official documentation, but I can't see any logs coming in. Has anyone come across any guide or how-to doc that I can refer to?
koba

04/26/2021, 9:44 AM
Thanks @zwass, I was able to fix it. Although, I'm not sure if that's what I want to do. Use case: I am thinking of building a software inventory/discovery platform for my IT team. I may also be interested in sending this data to some other systems, for example a CMDB. So ideally a database which can be queried via SQL would be the best fit for my use case. Since fleet hosts can only be queried when offline... a persistent DB that can be queried via simple SQL would be best. I think Graylog or any other log processing platform is more suitable for incident/event response, but for my use case a SQL-ready system with data as recent as 24-48 hr would also do. Is that something that can be achieved via Graylog? Would you recommend a different/better approach?
2:16 PM
Can only be queried when online*